Botnet Trend Report

Botnet Trend Report 2019-6

August 17, 2020

Overview of DDoS Attacks in 2019

NSFOCUS Security Labs observed that DDoS botnets in 2019, despite some changes, largely kept the same patterns in attack targets, families, and operating platforms.

In the 2019 tracking data of NSFOCUS Security Labs, DDoS botnet families issued more than 1.1 million instructions, 63% of which (over 700,000) were effective. According to the Labs’ metrics, these DDoS instructions resulted in over 400,000 attack events.

In terms of geographic locations, the USA was still the most targeted country, followed by China, the UK, and Australia.

(more…)

Botnet Trend Report -5

August 10, 2020

Spear Phishing and Malicious Documents

In the past few years, including malicious attachments in emails has become one of the most common methods that APT groups and various cybercriminal groups use to launch spear phishing attacks. Compared with previous years, 2019 saw more spear phishing attacks with a bigger impact, which was linked with the following facts.

(more…)

Botnet Trend Report -4

August 3, 2020

In the reconnaissance phase, a bad actor can determine which targets to attack through batch scanning. Such scanning often focuses on the user names and passwords used to access devices and on vulnerabilities in those devices. In addition, an attacker may try to compromise targets by delivering malicious baits to email addresses collected previously.

(more…)

Botnet Trend Report -3

July 27, 2020

Botnets can pose a variety of cyber threats. NSFOCUS Security Labs has been focused on capturing, tracking, and studying botnet-related threats. In 2019, the Labs further upgraded its capturing and tracking techniques and capabilities and expanded its scope of interest to cover more diverse threats, including cryptojacking, ransomware attacks, data theft by banking Trojans, and adware bundling. In addition, the Labs took up research on mobile platforms, which were quite a mess in terms of security.

(more…)

Botnet Trend Report -2

July 20, 2020

2019 witnessed frequent outbreaks of cybersecurity events, in which malware played an important role, exhibiting an eye-popping power of destruction with botnets.

At the end of 2018, Driver Talent suffered a supply chain attack after a Monero mining trojan was planted in its upgrade channel. Once the trojan broke into a computer, it would spread laterally via the EternalBlue exploit to infect more computers. The impact of this attack could still be felt in 2019, giving rise to a slew of emergencies.

(more…)

Botnet Trend Report 1

July 13, 2020

Executive Summary

With the rapid advancement of computer technologies and more and more network devices joining the Internet, the global Internet has expanded at an unbelievably high speed. However, efforts made in enhancing cybersecurity are lagging far behind the growth of the Internet, leaving an ever-growing gap in between. Many cybercrime groups and individuals are trying to take hold of insufficiently secured network resources and turn them into botnet clusters for the purpose of garnering illegal profits.

(more…)

Botnet Trend Report-14

September 18, 2019

Conclusion and Recommendations

In 2018, botnets continued using DDoS as their primary weapon to attack regions with ubiquitous high speed networking for direct economic gains. However, they underwent significant changes in behavioral patterns, host platforms, C&C server deployment, infection methods, attack methods, and payload types. Security service providers need to adapt their strategies to better mitigate the increasing threats posed by the new generation of botnets. (more…)

Botnet Trend Report-13

September 11, 2019

4.4 Satan: Evolving Ransomware

In late April 2018, MalwareHunterTeam reported seeing new ransomware that leveraged EternalBlue to propagate. Through analysis, we found that the ransomware was based on a new version (dubbed V2) of Satan, a ransomware family launched in 2017. The ransom demanded in this version increased from 0.1 to 0.3 Bitcoin. At the same time, a certain variant of IRCBOT also captured download instructions related to this malware. From the instruction set, Satan was confirmed to be the ransomware payload. (more…)

Botnet Trend Report-12

September 4, 2019

4.3 XMRig: Cryptomining For Fun and Profit

Cryptomining by botnets has gained popularity in the past two years. Unlike other common malicious activities like DDoS, ransomware attacks, and confidential information theft, cryptomining has some unique characteristics:

1. Predictable earnings. Cryptominers are good at hiding their presence by controlling their CPU usage within 30%–40%. Based on […]

Botnet Trend Report-11

August 28, 2019

4.2.2 Analysis

During the first quarter of 2018 when BillGates was extremely active, the family was found to attack 3962 targets, most of which were in two Central American countries. The following map shows the distribution of BillGates targets in China that NSFOCUS was able to directly monitor. BillGates ignored common ports, such as 22, […]
